Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed.
The ProxyShell bugs, which are tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, can be chained to run arbitrary code without authentication. The first two bugs were patched in April, while the third received a fix in May.
Researchers with security consulting firm DEVCORE exploited the security holes at the 2021 Pwn2Own hacking contest, but technical details were made public only a few weeks ago, at the Black Hat and DEF CON cybersecurity conferences.
Soon after, the first scans for vulnerable Exchange servers commenced, and the first attacks targeting the exposed servers – over 30,000 of them – were also observed.
Last week, security researchers identified more than 1,900 unpatched systems that were compromised, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on attacks targeting Exchange servers affected by the ProxyShell flaws.
In a blog post on Wednesday, Microsoft underlined the importance of installing patches in a timely manner, noting that only systems without the already issued fixes are susceptible to compromise.
“This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities. If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are pr ..
Support the originator by clicking the read the rest link below.
